[openid-specs-rande] 2kb useable limit?
Roland Hedberg
roland at catalogix.se
Thu May 23 17:44:42 UTC 2019
I heard a while ago (actually last week) that there were implementations
out there in the wild that had problems with anything bigger than 2kb.
So, it’s a real world problem. And I think where it really hits is when the JWT
is part of a URL. Like when you have an id_token_hint in an authorisation request.
> On 23 May 2019, at 18:45, Mischa Salle <msalle at nikhef.nl> wrote:
>
> Hi,
>
> just to forward what I also wrote on the WLCG AuthZ WG mailing list:
>
>> just a small note on the token size, also keep in mind that they are
>> (typically) transported as JWT with signature and header and that you
>> can remove some whitespace. All kinds of things that might influence the
>> size. The size limitation might have to do with their use as bearer
>> tokens, meaning they're (often) put in an Authorization header, see the
>> OAuth2 bearer token RFC https://tools.ietf.org/html/rfc6750
>> which might or might not be such a good idea...
>
> headers have no strict maximum size, but are often limited to 4kB or
> 8kB in webservers (although usually can also be increased).
>
> Where did you get the 2k limitation?
>
> Cheers,
> Mischa
>
>
>
> On Thu, May 23, 2019 at 04:36:10PM +0000, Nick Roy wrote:
>> I found this thread, may be useful:
>>
>> https://stackoverflow.com/questions/26033983/what-is-the-maximum-size-of-jwt-token
>>
>> Nick
>>
>> On 23 May 2019, at 9:41, Hannah Short wrote:
>>
>>> Hi everyone,
>>>
>>> I'm wondering whether anyone can clarify why there is a recommended limit
>>> of 2kb for OIDC tokens? Is this a limitation in a common library, or a
>>> length restriction of HTTP Headers, for example?
>>>
>>> Cheers,
>>> Hannah
>>> --
>>> openid-specs-rande mailing list
>>> openid-specs-rande at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-rande
>
> --
> Nikhef Room H155
> Science Park 105 Tel. +31-20-592 5102
> 1098 XG Amsterdam Fax +31-20-592 5155
> The Netherlands Email msalle at nikhef.nl
> __ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
— Roland
Were it left to me to decide whether we should have a government without newspapers, or newspapers without a government, I should not hesitate a moment to prefer the latter. -Thomas Jefferson, third US president, architect, and author (1743-1826)
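The sizes discussed in this thread can be measured directly. The following is an added example, not code from any poster or from the OpenID specifications: it builds a compact JWT and reports its length as a bearer `Authorization` header and as an `id_token_hint` in an authorisation request URL, against the 2kb, 4kB and 8kB figures mentioned above. The issuer, client id, group names, key and the choice of HS256 (standard library only; an RS256 signature with a 2048-bit key would add 342 characters instead of 43) are constructed assumptions.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Limits mentioned in the thread: the 2kb recommendation and the 4kB / 8kB
# header caps often configured in web servers.
LIMITS = {"2kb": 2048, "4kB": 4096, "8kB": 8192}

def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_jwt(claims: dict, key: bytes, compact_json: bool = True) -> str:
    """Sign claims as an HS256 JWT; compact_json drops JSON whitespace."""
    sep = (",", ":") if compact_json else (", ", ": ")
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=sep)
    payload = json.dumps(claims, separators=sep)
    signing_input = b64url(header.encode()) + "." + b64url(payload.encode())
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def transport_sizes(token: str, authz_endpoint: str, client_id: str) -> dict:
    """Character counts for the two transports discussed in the thread."""
    header_line = "Authorization: Bearer " + token
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "scope": "openid", "id_token_hint": token})
    url = authz_endpoint + "?" + query
    return {"token": len(token), "header": len(header_line), "url": len(url)}

def exceeded(size: int) -> list:
    """Names of the thread's limits that a given size goes over."""
    return [name for name, cap in LIMITS.items() if size > cap]

def sample_claims(n_groups: int) -> dict:
    """Constructed ID token claims; all values here are made up."""
    return {"iss": "https://op.example.org", "sub": "user-1234",
            "aud": "rp-client", "iat": 1558633482, "exp": 1558637082,
            "groups": ["/example-vo/group-%03d" % i for i in range(n_groups)]}

if __name__ == "__main__":
    key = b"constructed-demo-key"
    for n in (0, 20, 60, 120):
        tok = make_jwt(sample_claims(n), key)
        s = transport_sizes(tok, "https://op.example.org/authorize", "rp-client")
        print(n, s, "url over:", exceeded(s["url"]))
```

Because base64url output and the `.` separators need no percent-encoding, the URL overhead is a fixed number of characters; the growth comes entirely from the claims.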